CODEWITHSUNDEEP
asp.net
Andry
Andry

Reputation: 16845

How to deny access to some pages in Asp.Net applications

I have one need: In an Asp.Net 4.0 application I would like to deny access to some resources. The goal I would like to reach is the following:

1) Consider a user trying to get a document from my application, for example a txt file located somewhere in my application.

2) When the user types the url of my web site and the resource, for example www.mysite.com/Folder1/myfile.txt my application should NOT give that file back.

How to do this???

Thankyou

Upvotes: 1

Views: 385

Answers (2)

Glory Raj
Glory Raj

Reputation: 17691

You can use location tags to control this type of thing.

In this example, I give Customers and Admins access to the CustomersFolder directory:

<location path="CustomersFolder">
    <system.web>
        <authorization>
            <allow roles="Customers, Admin"/>
            <deny users="*"/>
        </authorization>
    </system.web>
</location>

And with this second block, I then limit access to a certain file under that folder to just Admins:

<location path="CustomersFolder/SecureFile.aspx">
    <system.web>
        <authorization>
            <allow roles="Admin"/>
            <deny users="*"/>
        </authorization>
    </system.web>
</location>

Hopefully something like that will work for you.

Upvotes: 2

Jakob Gade
Jakob Gade

Reputation: 12419

You can use the location element in web.config to restrict access to pages or folders. But in order for it to work for files which are normally not handled by the .NET runtime (i.e. .txt files), you have to configure that in IIS or web.config as well.

Another option is to put your sensitive files in the App_Data folder, and only serve the up via a special page or HttpHandler, which checks for permissions.

Upvotes: 1

Related Questions